package com.erebus.config;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.stereotype.Component;

import java.util.Collection;

// 自定义token内容
@Component
public class CustomOAuth2TokenCustomizer implements OAuth2TokenCustomizer<OAuth2TokenClaimsContext> {

    @Override
    public void customize(OAuth2TokenClaimsContext context) {
        // 获取当前认证的用户信息
        var principal = context.getPrincipal();

        // 获取用户身份信息
        String username = principal.getName();

        // 获取用户权限（authorities）
        Collection<? extends GrantedAuthority> authorities = principal.getAuthorities();

        // 构建自定义 claims
        context.getClaims()
                .claim("username", username)
                .claim("authorities", authorities.stream().map(GrantedAuthority::getAuthority).toList())
                .claim("email", "user@example.com") // 可替换为真实数据
                .claim("organization", "Example Org");
    }
}